Cisco IOS Software Configuration Guide for Cisco Aironet Access Points, 12.3(2)JA
Overview



Cisco Aironet access points (hereafter called access points) provide a secure, affordable, and easy-to-use wireless LAN solution that combines mobility and flexibility with the enterprise-class features required by networking professionals. With a management system based on Cisco IOS software, Cisco Aironet access points are Wi-Fi certified, 802.11b-compliant, 802.11g-compliant, and 802.11a-compliant wireless LAN transceivers.

An access point serves as the connection point between wireless and wired networks or as the center point of a stand-alone wireless network. In large installations, wireless users within radio range of an access point can roam throughout a facility while maintaining seamless, uninterrupted access to the network.

You can configure and monitor the wireless device using the command-line interface (CLI), the browser-based management system, or Simple Network Management Protocol (SNMP).

The 1230AG series is pre-configured to include both an 802.11g and an 802.11a radio. It has antenna connectors for externally attached antennas for both radios.

This chapter provides information on the following topics:

Features

Management Options

Network Configuration Examples


Features

Access points running Cisco IOS software offer these features:


Note: The proxy Mobile-IP feature is not supported in Cisco IOS Release 12.3(2)JA.


World mode—Use this feature to communicate the regulatory setting information, including maximum transmit power and available channels, to world mode-enabled clients. Clients using world mode can be used in countries with different regulatory settings and automatically conform to local regulations.

Multiple SSIDs—Create up to 16 SSIDs on the wireless device and assign any combination of these settings to each SSID:

Broadcast SSID mode for guests on your network

Client authentication methods

Maximum number of client associations

VLAN identifier

RADIUS accounting list identifier

VLANs—Assign VLANs to the SSIDs on the wireless device (one VLAN per SSID) to differentiate policies and services among users.

QoS—Use this feature to support quality of service for prioritizing traffic from the Ethernet to the access point. The access point also supports the voice-prioritization schemes used by 802.11b wireless phones such as Spectralink Netlink™ and Symbol Netvision™.

RADIUS Accounting—Enable accounting on the access point to send accounting data about wireless client devices to a RADIUS server on your network.

TACACS+ administrator authentication—Enable TACACS+ for server-based, detailed accounting information and flexible administrative control over authentication and authorization processes. It provides secure, centralized validation of administrators attempting to gain access to the wireless device.

Enhanced security—Enable three advanced security features to protect against sophisticated attacks on your wireless network's WEP keys: Message Integrity Check (MIC), WEP key hashing, and broadcast WEP key rotation.

Wi-Fi Protected Access (WPA)—Wi-Fi Protected Access is a standards-based, interoperable security enhancement that strongly increases the level of data protection and access control for existing and future wireless LAN systems. It is derived from and will be forward-compatible with the upcoming IEEE 802.11i standard. WPA leverages Temporal Key Integrity Protocol (TKIP) for data protection and 802.1X for authenticated key management.

Access point as backup or stand-alone authentication server—You can configure an access point to act as a local authentication server to provide authentication service for small wireless LANs without a RADIUS server or to provide backup authentication service in case of a WAN link or a server failure. The access point can authenticate up to 50 LEAP-enabled wireless client devices and allow them to join your network. Access points can provide backup MAC-address authentication service for up to 50 addresses.

HTTPS - HTTP with SSL 3.0—This feature supports a Secure Sockets Layer (SSL)/Secure Hypertext Transfer Protocol (HTTPS) method of managing Cisco access points through a Web browser.

AES-CCMP—This feature supports Advanced Encryption Standard-Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (AES-CCMP). AES-CCMP is required for Wi-Fi Protected Access 2 (WPA2) and IEEE 802.11i wireless LAN security.

IEEE 802.1X Local Authentication Service for EAP-FAST—This feature expands wireless domain services (WDS) IEEE 802.1X local authentication to include support for Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling (EAP-FAST). IEEE 802.1X local authentication was introduced in Cisco IOS Release 12.2(11)JA.

Wi-Fi Multimedia (WMM) Required Elements—This feature supports the required elements of WMM. WMM is designed to improve the user experience for audio, video, and voice applications over a Wi-Fi wireless connection. WMM is a subset of the IEEE 802.11e Quality of Service (QoS) draft standard. WMM supports QoS prioritized media access via the Enhanced Distributed Channel Access (EDCA) method. Optional elements of the WMM specification including call admission control using traffic specifications (TSPEC) are not supported in this release.

VLAN Assignment By Name—This feature allows the RADIUS server to assign a client to a virtual LAN (VLAN) identified by its VLAN name. In releases before Cisco IOS Release 12.3(2)JA, the RADIUS server identified the VLAN by ID. This feature is important for deployments where VLAN IDs are not used consistently throughout the network.

HTTP Web Server v1.1—This feature provides a consistent interface for users and applications by implementing the HTTP 1.1 standard (see RFC 2616). In previous releases, Cisco software supported only a partial implementation of HTTP 1.0. The integrated HTTP Server API supports server application interfaces. When combined with the HTTPS and HTTP 1.1 Client features, it provides a complete, secure solution for HTTP services to and from Cisco devices.

IP-Redirect—This feature provides the capability to redirect traffic intended for a particular destination to another IP address specified by the administrator.
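
An added example, not taken from the Cisco guide: a small Python audit that checks a configuration against the Multiple SSIDs and VLANs limits listed above (up to 16 SSIDs, one VLAN per SSID) and also reports VLANs shared between SSIDs, which works against the stated goal of differentiating policies among users. The simplified "dot11 ssid" block layout, the sample configuration, and the function names are assumptions made for illustration.

```python
import re

MAX_SSIDS = 16  # per-device SSID limit stated in the feature list

# Constructed sample in an assumed, simplified layout (not captured from a device).
SAMPLE_CONFIG = """\
dot11 ssid corp
 vlan 10
!
dot11 ssid guest
 vlan 20
 guest-mode
!
dot11 ssid voice
 vlan 10
!
dot11 ssid lab
 authentication open
!
"""

def parse_ssids(config):
    """Map each SSID name to the list of VLAN ids found in its block."""
    ssids, current = {}, None
    for line in config.splitlines():
        head = re.fullmatch(r"dot11 ssid (\S+)", line.rstrip())
        if head:
            current = ssids.setdefault(head.group(1), [])
        elif line.startswith(" ") and current is not None:
            vlan = re.fullmatch(r"vlan (\d+)", line.strip())
            if vlan:
                current.append(int(vlan.group(1)))
        else:
            current = None  # "!" or any top-level line closes the block
    return ssids

def audit(config):
    """Return sorted findings for the SSID and VLAN limits described above."""
    ssids, findings, by_vlan = parse_ssids(config), [], {}
    if len(ssids) > MAX_SSIDS:
        findings.append(f"{len(ssids)} SSIDs defined, limit is {MAX_SSIDS}")
    for name, vlans in ssids.items():
        if len(vlans) != 1:
            issue = "more than one VLAN" if vlans else "no VLAN assigned"
            findings.append(f"{name}: {issue}")
        for v in set(vlans):
            by_vlan.setdefault(v, []).append(name)
    findings += [f"VLAN {v} shared by {', '.join(sorted(n))}"
                 for v, n in by_vlan.items() if len(n) > 1]
    return sorted(findings)
```
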

Management Options

You can use the wireless device management system through the following interfaces:

The Cisco IOS command-line interface (CLI), which you use through a console port or Telnet session. Use the interface dot11radio global configuration command to place the wireless device into the radio configuration mode.

A web-browser interface, which you use through a Web browser. Chapter 3, "Using the Web-Browser Interface," provides a detailed description of the web-browser interface.

Simple Network Management Protocol (SNMP).

Network Configuration Examples

This section describes the access point role in common wireless network configurations. The access point default configuration is as a root unit connected to a wired LAN or as the central unit in an all-wireless network. The repeater role requires a specific configuration.

Root Unit on a Wired LAN

An access point connected directly to a wired LAN provides a connection point for wireless users. If more than one access point is connected to the LAN, users can roam from one area of a facility to another without losing their connection to the network. As users move out of range of one access point, they automatically connect to the network (associate) through another access point. The roaming process is seamless and transparent to the user. Figure 1-1 shows access points acting as root units on a wired LAN.

Figure 1-1 Access Points as Root Units on a Wired LAN

Central Unit in an All-Wireless Network

In an all-wireless network, an access point acts as a stand-alone root unit. The access point is not attached to a wired LAN; it functions as a hub linking all stations together. The access point serves as the focal point for communications, increasing the communication range of wireless users. Figure 1-2 shows an access point in an all-wireless network.

Figure 1-2 Access Point as Central Unit in All-Wireless Network